Bruce Schneier explains that because screeners take no action with liquids other than to throw them away, there’s no reason a terrorist won’t keep trying until they succeed. Check it out. Tags: TSA

Bruce Schneier explains how easy it is to get past security and fly on a plane even if you’re on the supposed “no fly list”

Buy a ticket in some innocent person’s name. At home, before your flight, check in online and print out your boarding pass. Then, save that web page as a PDF and use Adobe Acrobat to change the name on the boarding pass to your own. Print it again. At the airport, use the fake boarding pass and your valid ID to get through security. At the gate, use the real boarding pass in the fake name to board your flight.

His article on why the no-fly-list and photo ID checks are useless against terrorists here. Tags: No-Fly List, Security Theater, TSA

The TSA's CLEAR program where people can spend $100 to be "pre-screened" at airports and bypass security had a security hit recently when a laptop (doesn't this get old) with customer data was stolen. Well gosh, how could they ever have seen that coming? Anyway, Schneier covers the story and links to the TSA's response as well as taking a moment to denounce the program again along with most of what the TSA is doing for airport security. Since I've met the privacy officer for the TSA and know he knows what he's doing, the only reason I can come up with for this is that they're not listening to him when he's telling them not to put this kind of data on laptops unencrypted. Tags: Big Brother, lost laptop, TSA, Well Duh!

I ended up sitting next to Peter Pietra, the head of the privacy department at the TSA. This gave me an interesting opportunity to talk about issues of privacy when dealing with their agency and the first thing I asked was about the pornographic backscatter x-ray devices. He was clearly frustrated (and I don't blame him) as I'm sure this is a topic that assaults him regularly. The issue is that backscatter CAN see through your clothes, but the TSA orders the devices preconfigured at a level that prevents them from seeing pictures such as these one on the Internet. They are also unable to modify the configuration. In fact what they actually see, as shown on their site, is smeared blob that highlights objects, but not skin. The issue that I have here is that if the TSA's claims of how they use the technology are true, then what the hell was all the hype about?

Images will be deleted immediately once viewed and will never be stored, transmitted or printed (the passenger imaging units have zero storage capability) Metallic and non-metallic objects are displayed, including all items that a passenger may be carrying on his/her person

Also, according to the website, you can always choose to have a pat-down instead. I asked Peter about this because it seems to me most people aren't going to know to go to the website and read about Backscatter before being faced with it at an airport, but he said that the sample picture on the web is printed right on the machine and people are supposed to be shown the picture and told of the option for pat down prior to being scanned.

Final Thoughts

I notice that the picture on the TSA site is from behind so probably doesn't fairly show how much frontal detail they would see so for full disclosure, they should show a frontal picture. However, I can understand why someone wouldn't want to show what amounts to nudity on these machines for propriety reasons and don't necessarily consider that evasive. What more can you ask for than clear disclosure and a reasonable choice? Granted the technology can be used for worse things, but the devices is about as small and conspicuous as a casket so you'll never be scanned without your knowledge. If they are configured correctly, store nothing, and you can opt for a pat down, then perhaps some have been too harsh on both the technology and the agency. Speaking of, EPIC's article that led me to write about backscatter in the first place unfairly show the capabilities of backscatter ignoring the actual use of the technology by the TSA. I'm sure there's someone from EPIC around the conference somewhere and I'll be sure to ask them about it.

What TSA Sees

What EPIC Shows

Tags: Backscatter, TSA

I talked last week about how the TSA has opened a blog and allowed the public en masse to attack them outright through comments blasting them for all their varied foibles. Well it turns out that it's working well! The TSA has changed a policy that at least one airport put into effect that required passengers to remove all their electronics. It seems that the TSA didn't know it was happened, but stopped the practice. Tags: TSA

In what appears to be an attempt to counter the black hole that is their reputation, the TSA has launced a blog called "Evolution of Security". Like most things Bushian, it starts out by inflating their viewpoint somehow implying that they are right about everything they do just in the title. And their tagline:

Terrorists Evolve. Threats Evolve. Security Must Stay Ahead. You Play A Part.

Awwwww… Isn't that nice? Too bad we disagree on how security must evolve. Bruce Schneier has pretty much successfully challenged every major TSA policy, but they refuse to acknowledge him (yes I know he interviewed the head of the TSA, but did he get meaningful answers?). I wonder how long they'll be able to keep the blog up against the storm of complaints that is so inevitably on the horizon. (H/T to Ars Technica for the link) Tags: Security Theater, TSA